tanglebot

General

Target

Chrome.apk
Size

7.4MB
Sample

250118-2fa8baxjdy
MD5

110304eb4fc1489fae42cbdbfd1bae44
SHA1

2fdb0c3c8718e71f65826dceb183967b896d9d73
SHA256

78ccbe9c1fb239f8deab48ab5b62655d2ecc798f30c2510af070e66a22870f0c
SHA512

f7cfc1e6ccb237e33dd063d288377961fdadf529d461bbc92428aaee032c500f96e3b89f91ab02a0e781474b02f20e8ed580e2e70654923681b5bcd46b0eea34
SSDEEP

196608:W4tRE3yhXi7muE/0XYUeY6GcZabKXC3w2X7wEGELLUDQyv:fa34iNE/0XYUZGZWOTgD7Ed

Score

10^/10

Malware Config

Extracted

Family

tanglebot

C2

https://t.me/+ZJAj-vCkxkE4N2E0

https://t.me/+jz7SONzTmCI0YmM0

https://t.me/+saoiPgiTyD1iZDBk

Targets

- Target
  
  Chrome.apk
- Size
  
  7.4MB
- MD5
  
  110304eb4fc1489fae42cbdbfd1bae44
- SHA1
  
  2fdb0c3c8718e71f65826dceb183967b896d9d73
- SHA256
  
  78ccbe9c1fb239f8deab48ab5b62655d2ecc798f30c2510af070e66a22870f0c
- SHA512
  
  f7cfc1e6ccb237e33dd063d288377961fdadf529d461bbc92428aaee032c500f96e3b89f91ab02a0e781474b02f20e8ed580e2e70654923681b5bcd46b0eea34
- SSDEEP
  
  196608:W4tRE3yhXi7muE/0XYUeY6GcZabKXC3w2X7wEGELLUDQyv:fa34iNE/0XYUZGZWOTgD7Ed
Score

7^/10

evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
behavioral1
- Target
  
  origin_resource.apk
- Size
  
  1.3MB
- MD5
  
  58982c33eb4a5a70d63b008d24871e0c
- SHA1
  
  fa4e675779b4e812a578ae2c7e507473c79d158f
- SHA256
  
  36da85e04b8ca903595f42dc9e171c07016cc0684689dff511635cbeba507287
- SHA512
  
  40796ddf25b65263bfe3f3ad0e0033038b58578e7ecefeb17e7cdc4a630579d938e2a0a5718d4d957256f96c4d63081c43ddc6ebcc971148d2752b7d8c6359b5
- SSDEEP
  
  24576:BSfrLTeaaEGmd/G4XPjMm6LckIKnPMvSiGH:BKrLT6E5dQUhWM6rH
Score

10^/10

tanglebot banker collection credential_access discovery evasion impact infostealer spyware trojan
- TangleBot
  TangleBot is an Android SMS malware first seen in September 2021.
  trojan infostealer spyware tanglebot
- TangleBot payload
- Tanglebot family
  tanglebot
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Performs UI accessibility actions on behalf of the user
  Application may abuse the accessibility service to prevent their removal.
  evasion
- Reads information about phone network operator.
  discovery
behavioral2